Slopsquatting package install lure — email tells you to `npm install` / `pip install` an AI-flavored package name attackers pre-registered with malware (2026 hallucination-bait supply chain)

"Slopsquatting" is the 2025-2026 supply chain attack where threat actors pre-register package names that large language models (ChatGPT, Claude, Copilot) statistically hallucinate when writing code. Socket, Snyk, Jfrog, and Lasso Security research through 2025 found 20%+ of AI-suggested packages don't exist and a large fraction hallucinate repeatedly on the same prompt — a deterministic target list for attackers. This email-delivery variant lures developers to run a package-install command (npm install / pnpm add / yarn add / pip install / uv pip install / gem install / cargo add / bun add) for a hallucination-bait package name, with AI / agent / LLM / MCP framing to pattern-match the developer's recent ChatGPT or Claude workflow. Once installed, the post-install script exfils secrets, drops a backdoor, or installs a crypto miner. Fires when the body contains an install command AND an AI/agent context keyword AND no direct link to a reputable registry (npmjs.com / pypi.org / rubygems.org / crates.io) for verification. Legitimate dev-tool vendors always link the registry URL in announcements; slopsquatters cannot because their package is not the real one.